From 2e489f8786f93a92afd0eb9573f7bfaeffcc8be0 Mon Sep 17 00:00:00 2001
From: Rohan Nagariya <rohan.n@browserstack.com>
Date: Fri, 12 Jun 2026 01:23:33 +0530
Subject: [PATCH] fix(security): harden .npmrc with supply-chain directives
 [APS-19734]

- Add ignore-scripts, strict-ssl, save-exact, engine-strict,
  legacy-peer-deps=false, audit-level=high
- Preserve existing package-lock=true and lockfile-version=1
- Public repo: access=restricted intentionally omitted
- Validated: npm install + npm test identical before/after
  (678 passing, 13 pre-existing failures unchanged); no install
  scripts in the dep tree, so ignore-scripts=true causes no regression

Resolves: APS-19734

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 .npmrc | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.npmrc b/.npmrc
index aa46d1ee..0a604674 100644
--- a/.npmrc
+++ b/.npmrc
@@ -1,2 +1,8 @@
 package-lock=true
 lockfile-version=1
+ignore-scripts=true
+strict-ssl=true
+save-exact=true
+engine-strict=true
+legacy-peer-deps=false
+audit-level=high